<?php
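/*
 * Account create/update handler for tb_account.
 *
 * Reads the account form from $_POST, runs the project's checkstring()
 * validation, then either inserts a new row (empty "id") or updates the
 * existing one. Every outcome is reported through thongbao($message, $link).
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible in
 * this script; presumably the including page enforces them. Confirm, because
 * account_role and rights are taken straight from the request.
 * NOTE(review): the SQL below is assembled by string interpolation. It is only
 * safe if replatestring() neutralises SQL metacharacters (not visible here).
 * The mysql_* extension is deprecated; prepared statements (PDO/mysqli) would
 * be the durable fix.
 */

// Array keys are quoted: a bare word is an undefined constant (a notice on
// old PHP, a fatal Error on PHP 8).
$txtcode = replatestring($_POST['txtcode'], false);
$txtpass = replatestring($_POST['txtpass'], false);
// NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
// because stored hashes and the login check (outside this file) presumably
// depend on it; plan a migration to password_hash()/password_verify().
$txtpass = md5($txtpass);
$txthoten = replatestring($_POST['txthoten'], false);
$txnguoidaidien = replatestring($_POST['txnguoidaidien'], false);
$txtchucvu = replatestring($_POST['txtchucvu'], false);
$nguoiphutrach = replatestring($_POST['nguoiphutrach'], false);
$tel_nguoiphutrach = replatestring($_POST['tel_nguoiphutrach'], false);
$txtdiachi = replatestring($_POST['txtdiachi'], false);
$txtphone = replatestring($_POST['txtphone'], false);
$txtmobile = replatestring($_POST['txtmobile'], false);
$txtfax = replatestring($_POST['txtfax'], false);
$txtcmnn = replatestring($_POST['txtcmnn'], false);
$txtngaysinh = replatestring($_POST['txtngaysinh'], false);
$txttax = replatestring($_POST['txttax'], false);
$txtemail = replatestring($_POST['txtemail'], false);
$txtemailphu = replatestring($_POST['txtemailphu'], false);
$txtwebsite = replatestring($_POST['txtwebsite'], false);
$txtaccountbank = replatestring($_POST['txtaccountbank'], false);
$txtaccountbank_name = replatestring($_POST['txtaccountbank_name'], false);
$listnhom = replatestring($_POST['listnhom'], false);

// These three values previously reached the SQL text unfiltered. They are
// escaped here with the same extension the queries use, so a quote in the
// request can no longer terminate the string literal.
$room = mysql_real_escape_string(isset($_POST['room']) ? (string) $_POST['room'] : '');
$position = mysql_real_escape_string(isset($_POST['position']) ? (string) $_POST['position'] : '');
$quyen = mysql_real_escape_string(isset($_POST['quyen']) ? (string) $_POST['quyen'] : '');

$txtstatus = replatestring($_POST['txtstatus'], false);
$date = time();

// Default the group to 0 when none was submitted (the original used "==",
// a comparison with no effect).
if ($listnhom == "") {
    $listnhom = '0';
}
$id = replatestring($_POST['id'], false);

// Validate the submitted data.
// NOTE(review): as written, ONE passing check is enough to accept the whole
// request; the checks are OR-ed, not AND-ed. That is kept unchanged because
// checkstring()'s contract is not visible here, but it looks unintended:
// confirm and require every check to pass.
$data = false;
if (checkstring($txtcode, "user", 20) == true) {
    $data = true;
}
if (checkstring($txtemail, "email", 150) == true) {
    $data = true;
}
if (checkstring($listnhom, "number", 2) == true) {
    $data = true;
}
if (checkstring($txtstatus, "number", 2) == true) {
    $data = true;
}

if ($data == true) {
    if ($id == "") {
        // Create account: reject duplicates on e-mail and on customer code.
        $checkue = false;
        if (catchinfor($txtemail, "account_email", "account_id", "tb_account") != "") {
            $checkue = true;
            $cauthongbao = "Email đã tồn tại";
            $link = "index.php?progid=1";
            thongbao($cauthongbao, $link);
        }
        if (catchinfor($txtcode, "account_code", "account_id", "tb_account") != "") {
            $checkue = true;
            $cauthongbao = "Mã khách hàng đã tồn tại";
            $link = "index.php?progid=1";
            thongbao($cauthongbao, $link);
        }
        if ($checkue == false) {
            $ok = mysql_query("insert into 
								tb_account (account_code,account_email,account_email2,account_pass,account_name,present_person,positions,account_address,account_tel,account_mobile,account_fax,account_cmnn,account_birthday,account_tax,account_web,account_bank,account_bank_name,account_time,account_role,account_status,nguoiphutrach,tel_nguoiphutrach,room,chucvu,rights) 
								value('$txtcode','$txtemail','$txtemailphu','$txtpass','$txthoten','$txnguoidaidien','$txtchucvu','$txtdiachi','$txtphone','$txtmobile','$txtfax','$txtcmnn','$txtngaysinh','$txttax','$txtwebsite','$txtaccountbank','$txtaccountbank_name','$date','$listnhom','$txtstatus','$nguoiphutrach','$tel_nguoiphutrach','$room','$position','$quyen')");
            // Report success only when the statement actually ran.
            $cauthongbao = ($ok !== false) ? "Bạn đã thêm thành công" : "Không thể lưu dữ liệu";
            $link = "index.php?progid=1";
            thongbao($cauthongbao, $link);
        }
    } else {
        // Edit account: the e-mail must not belong to a different account.
        $checkue = false;
        if (catchinfor3($txtemail, "account_email", $id, "account_id", "account_id", "tb_account") != "") {
            $checkue = true;
            $cauthongbao = "Email đã tồn tại";
            $link = "index.php?progid=1&taikhoan=sua&id=" . $id;
            thongbao($cauthongbao, $link);
        }
        if ($checkue == false) {
            $ok = mysql_query("Update tb_account SET account_code='$txtcode',account_email='$txtemail',account_email2='$txtemailphu',account_name='$txthoten',present_person='$txnguoidaidien',positions='$txtchucvu',account_address='$txtdiachi',account_tel='$txtphone', account_mobile='$txtmobile',account_fax='$txtfax',account_cmnn='$txtcmnn',account_birthday='$txtngaysinh',account_tax='$txttax',account_web='$txtwebsite',account_bank='$txtaccountbank',account_bank_name='$txtaccountbank_name',account_role='$listnhom', account_status='$txtstatus',nguoiphutrach='$nguoiphutrach',tel_nguoiphutrach='$tel_nguoiphutrach',room='$room',chucvu='$position',rights='$quyen' where account_id= '$id'");
            // The password is only overwritten when a new one was submitted;
            // an empty field leaves the stored hash untouched.
            if ($ok !== false && $_POST['txtpass'] != "") {
                $ok = mysql_query("update tb_account set account_pass= '$txtpass' where account_id='$id'");
            }
            // Report success only when every statement actually ran.
            $cauthongbao = ($ok !== false) ? "Bạn đã sửa thành công" : "Không thể lưu dữ liệu";
            $link = "index.php?progid=1";
            thongbao($cauthongbao, $link);
        }
    }
} else {
    $cauthongbao = "Dữ liệu không hợp lệ";
    $link = "index.php?progid=1";
    thongbao($cauthongbao, $link);
}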
?>